CVSS: 3.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-46168 – Group SMTP user emails are exposed in CC email header
https://notcve.org/view.php?id=CVE-2022-46168
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). • https://github.com/discourse/discourse/pull/19724 https://github.com/discourse/discourse/security/advisories/GHSA-8p7g-3wm6-p3rm • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-23548
https://notcve.org/view.php?id=CVE-2022-23548
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds. • https://github.com/discourse/discourse/pull/19737 https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-23549 – Discourse vulnerable to bypass of post max_length using HTML comments
https://notcve.org/view.php?id=CVE-2022-23549
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds. • https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8 https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2022-46159 – Any authenticated Discourse user can create an unlisted topic
https://notcve.org/view.php?id=CVE-2022-46159
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available. • https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382 https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2022-46148 – Discourse allows self-XSS through malicious composer message
https://notcve.org/view.php?id=CVE-2022-46148
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Discourse es una plataforma de mensajería de código abierto. • https://github.com/discourse/discourse/security/advisories/GHSA-c5h6-6gg5-84fh • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •